Security
Security is our priority.
We always keep your data safe.
We know our users need to trust us. That's why we have military-grade data security.
We handle sensitive and often confidential audio and video files every day, which is why we maintain the highest standard of security at all times.
We’re fully certified to ISO 27001, verified by SAM (US government vendor), the UK Crown Commercial Service (CCS), Cyber Essentials and we're PCI DSS compliant.
In short,
no one sees your data but you
Read more below on our security position.
ISO 27001
certification
ISO 27001 was created by the International Standards Organization to provide a global standard for information security management systems (ISMS). It's considered the platinum standard for data security.
ISO 27001 requires the management team to implement three broad practices:
- Systemically examine the organization’s information security risks, taking account of any threats, vulnerabilities and impacts
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
- Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
Data security
For data transfer and storage, Trint uses HTTPS (using TLS 1.2) for secure data upload, export and transfer. Data is encrypted at-rest using AES 256. Physically, Trint stores your data in data centers owned and operated by Amazon Web Services (AWS). These data centers deliver the very highest levels of physical and infrastructure security.
Data retention & deletion
If you delete a transcript from your account, it is not permanently removed, but it is inaccessible. This allows us to recover deleted transcripts if you ask us to. All of your Trint related data, including media files and associated transcripts, are permanently deleted if you request we do so.
Users can request permanent deletion by contacting support@trint.com
Trint employees
Effective security begins with our team. Trint employees never look at your data without your permission. We use market leaders in personnel security to protect against vulnerabilities and internal threats.
Some of the tools and services we use:
- Verifile to perform background checks
- 1Password to securely generate and manage passwords
- F-Secure to guard against malware
- CyberSmart to enforce our employee computer equipment hardening policy.
In addition, employees are required to use single sign-on and 2-factor authentication (2FA) wherever these are supported.
Third party
sub-processors
Trint partners with third-party software providers to give the best possible customer experience. Before integrating with any company, Trint performs a review of their privacy protocols to ensure they have equally rigorous protection standards. When agreeing to the Terms of Use upon joining Trint, a user is agreeing to the sharing of certain information with third-party sub-processors that are vital to Trint’s functionality.
Trint uses the following as part of delivering its service:
- Auth0 for authentication and delivery of single sign-on capability
- Transloadit for transcoding media files
- Filestack for file selection and uploading
- Stripe for billing and payment
- Various analytics services (see our Privacy Policy for more information)
Billing & payments
Billing and payments are processed through a PCI-DSS-certified third-party payment processor, Stripe, which uses high-level encryption to protect all payment details entered. No Trint employee is able to view complete billing information for any user.
The following is visible to authorized Trint personnel:
- Account holder email
- Account subscription
- Account billing history
- Last 4 digits of card on file
- Address of card on file
- Invoices issued to the customer
- Any error codes produced by failed payments
If at any point you believe you have been wrongly charged, please reach out to support@trint.com
Data back-up &
retention
Trint provides a back-up and restore plan in the event of data center or system-wide events. Back-ups are performed four times per day. Trint retains back-ups for one year.
Business continuity
& disaster recovery
Trint implements a highly available and fault-tolerant service that can recover from events in a data center or other disaster. The Trint service is hosted on Amazon Web Services (AWS) and architected using either clustered services or serverless implementations as relevant to the use case.
Trint maintains a business continuity and disaster recovery plan. In the event of a natural disaster, a combination of our back-up strategy and infrastructure-as-code techniques would enable us to bring up a replacement environment in either a new AWS availability zone or region within a few hours.
Where we store your data
We understand that the security of your data is everything. We store your data in AWS data centers in the US with world-leading levels of security and availability. For customers with specific geographic storage requirements, EU-based data storage and processing will be available for new and existing customers in 2021.